David40 Posted June 25, 2014 Share Posted June 25, 2014 While trying to post a spam email to Spamcop I will go through the pasted email line by line and edit out the "ad" that my AVG Antivirus tags onto every email I send or receive (www.avg.com). Once in a while, after going through an email I'll discover I can't find any link to AVG, but when I process the email I see the AVG URL has been found in the email with the usual "ISP does not wish to receive...blag, blah, blah." So the question is, how is it the AVG URL is being found by SPAMCOP when I can't find the AVG URL in the email? Is it possible it's somehow hidden from view? I can't explain it. Thanks Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted June 25, 2014 Share Posted June 25, 2014 You're wasting your time. SpamCop won't send a report about www.avg.com so there is no need for you to remove it from your spam. - Don D'Minion - SpamCop Admin - - Service[at]Admin.SpamCop.net - Link to comment Share on other sites More sharing options...
turetzsr Posted June 25, 2014 Share Posted June 25, 2014 Hi, David40, ...If you would be willing to provide a "Tracking URL" of a SpamCop parse of such a spam, we may be better able to answer your question. Some possibilities that occur to me: The spam is constructed in a way that prevents your e-mail client from displaying the URL to you. The URL is actually in a header rather than the spam body. The messages from the SpamCop parser that mention AVG are doing so not due to an AVG URL but a reference to a host for which AVG is the abuse address. This is almost certainly not the answer in your case based on what you have posted ("I see the AVG URL has been found in the email"). Link to comment Share on other sites More sharing options...
David40 Posted July 1, 2014 Author Share Posted July 1, 2014 Even though AVG does not get reported it makes me wonder what else might be being hidden. I'm curious about the "how" as well. I'll post the Tracking URL next time I get one of those, which is not often. Thanks Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 1, 2014 Share Posted July 1, 2014 This thread really belongs here: http://forum.spamcop.net/forums/index.php?showforum=3 Link to comment Share on other sites More sharing options...
Farelf Posted July 1, 2014 Share Posted July 1, 2014 You're right Peter - moved. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 1, 2014 Share Posted July 1, 2014 Thanks. Link to comment Share on other sites More sharing options...
David40 Posted July 15, 2014 Author Share Posted July 15, 2014 Hi, David40, ...If you would be willing to provide a "Tracking URL" of a SpamCop parse of such a spam, we may be better able to answer your question. Just got one. I search through this email and I cannot find any reference URL or address refering to AVG, but SpamCop finds it in there somewhere. http://www.spamcop.net/sc?id=z5922358693z8...003a64a7a49d13z Link to comment Share on other sites More sharing options...
turetzsr Posted July 15, 2014 Share Posted July 15, 2014 ...Did you try decoding the BASE64 code? Perhaps it's in there somewhere .... Link to comment Share on other sites More sharing options...
Farelf Posted July 15, 2014 Share Posted July 15, 2014 Yes, the links are in the Base64 stuff (as text), including innocent bystander AVG. Evidently parser "de-obfuscating" works just fine on that. incidentally, I use ToastedSpam for decoding - and there are many others. Had to remove linewrapping in the code by the way - O/P's mail client or something else in the receipt-copy-paste chain is not ideal for forensics but no big thing. Link to comment Share on other sites More sharing options...
David40 Posted July 17, 2014 Author Share Posted July 17, 2014 That's all Greek to me but thanks guys for confirming my suspicions. At least I know my eyesight isn't failing me. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.